heiher/hev-socks5-tunnel

Crash on android 13 x86_x64

Closed this issue · 13 comments

Hello, dear creators, thanks for the fast and powerful lib. I have faced another issue with Android 13. Here's the stack trace. This happens almost every time on disconnect.

```
ndk-stack -sym obj/local/x86_64 -dump crashstack.txt
********** Crash dump: **********
Build fingerprint: 'google/sdk_gphone64_x86_64/emu64x:13/TE1A.220922.012/9302419:userdebug/dev-keys'
Abort message: 'Scudo ERROR: corrupted chunk header at address 0x71257225bb00'
#00 0x000000000005f6ff /apex/com.android.runtime/lib64/bionic/libc.so (abort+191) (BuildId: 007cb2313464df63debf8020e631c990)
#1 0x0000000000048dd5 /apex/com.android.runtime/lib64/bionic/libc.so (scudo::die()+5) (BuildId: 007cb2313464df63debf8020e631c990)
#2 0x00000000000493c8 /apex/com.android.runtime/lib64/bionic/libc.so (scudo::ScopedErrorReport::~ScopedErrorReport()+24) (BuildId: 007cb2313464df63debf8020e631c990)
#3 0x00000000000494b2 /apex/com.android.runtime/lib64/bionic/libc.so (scudo::reportHeaderCorruption(void*)+66) (BuildId: 007cb2313464df63debf8020e631c990)
#4 0x000000000004acd9 /apex/com.android.runtime/lib64/bionic/libc.so (scudo::Allocator<scudo::AndroidConfig, &(scudo_malloc_postinit)>::deallocate(void*, scudo::Chunk::Origin, unsigned long, unsigned long)+313) (BuildId: 007cb2313464df63debf8020e631c990)
#5 0x000000000003dbf7 /data/app/~~SG1GNAAPvj0sUTcOl8YTqA==/com.-AzossUaucGeKM6Qliwd4mQ==/lib/x86_64/libhev-socks5-tunnel.so (pbuf_free+119) (BuildId: 0735365fce0eeb8285dacd2245c0900a62323e56)
    pbuf_free
    /Users/evgenybozhko/Projects//app/src/main/jni/hev-socks5-tunnel/third-part/lwip/src/core/pbuf.c:780:11
#6 0x00000000000413f5 /data/app/~~SG1GNAAPvj0sUTcOl8YTqA==/com.-AzossUaucGeKM6Qliwd4mQ==/lib/x86_64/libhev-socks5-tunnel.so (tcp_pcb_purge+309) (BuildId: 0735365fce0eeb8285dacd2245c0900a62323e56)
    tcp_seg_free
    /Users/evgenybozhko/Projects//app/src/main/jni/hev-socks5-tunnel/third-part/lwip/src/core/tcp.c:1646:7
    tcp_segs_free
    /Users/evgenybozhko/Projects//app/src/main/jni/hev-socks5-tunnel/third-part/lwip/src/core/tcp.c:1631:5
    tcp_pcb_purge
    /Users/evgenybozhko/Projects//app/src/main/jni/hev-socks5-tunnel/third-part/lwip/src/core/tcp.c:2184:5
#7 0x00000000000400bb /data/app/~~SG1GNAAPvj0sUTcOl8YTqA==/com..-AzossUaucGeKM6Qliwd4mQ==/lib/x86_64/libhev-socks5-tunnel.so (tcp_pcb_remove+75) (BuildId: 0735365fce0eeb8285dacd2245c0900a62323e56)
    tcp_pcb_remove
    /Users/evgenybozhko/Projects//app/src/main/jni/hev-socks5-tunnel/third-part/lwip/src/core/tcp.c:2206:3
#8 0x000000000003fdf2 /data/app/~~SG1GNAAPvj0sUTcOl8YTqA==/com..-AzossUaucGeKM6Qliwd4mQ==/lib/x86_64/libhev-socks5-tunnel.so (tcp_abandon+114) (BuildId: 0735365fce0eeb8285dacd2245c0900a62323e56)
    tcp_abandon
    /Users/evgenybozhko/Projects//app/src/main/jni/hev-socks5-tunnel/third-part/lwip/src/core/tcp.c:602:7
#9 0x000000000001c7a8 /data/app/~~SG1GNAAPvj0sUTcOl8YTqA==/com..-AzossUaucGeKM6Qliwd4mQ==/lib/x86_64/libhev-socks5-tunnel.so (hev_socks5_tunnel_main+392) (BuildId: 0735365fce0eeb8285dacd2245c0900a62323e56)
    lwip_fini
    /Users/evgenybozhko/Projects//app/src/main/jni/hev-socks5-tunnel//src/hev-main.c:84:13
    hev_socks5_tunnel_main
    /Users/evgenybozhko/Projects//app/src/main/jni/hev-socks5-tunnel//src/hev-main.c:139:5
#10 0x000000000001c5ce /data/app/~~SG1GNAAPvj0sUTcOl8YTqA==/com..-AzossUaucGeKM6Qliwd4mQ==/lib/x86_64/libhev-socks5-tunnel.so (BuildId: 0735365fce0eeb8285dacd2245c0900a62323e56)
    thread_handler
    /Users/evgenybozhko/Projects//app/src/main/jni/hev-socks5-tunnel//src/hev-jni.c:68:5
#11 0x00000000000ccd2a /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+58) (BuildId: 007cb2313464df63debf8020e631c990)
#12 0x0000000000060d37 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+55) (BuildId: 007cb2313464df63debf8020e631c990)
Crash dump is completed
```
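
The ndk-stack output above has a fixed layout: an `Abort message` line, then one `#NN address library (symbol+offset) (BuildId: ...)` line per frame, each followed by the function/source pairs ndk-stack resolved for inlined callees. When the abort comes from an allocator check (here `scudo::reportHeaderCorruption` reached from `deallocate`), the first frame outside `/apex/` or `/system/` is the one to read, and the inlined list under it is what reveals `tcp_seg_free` and `tcp_segs_free` hiding behind the `tcp_pcb_purge` symbol. The script below is an added example, not code from this issue, from hev-socks5-tunnel or from sockstun: it parses that format and extracts the first app-owned frame and the expanded app call chain. Its embedded `SAMPLE_DUMP` is a constructed, abbreviated excerpt of the x86_64 dump above, with the app path and BuildIds shortened.

```python
# Added example, not code from hev-socks5-tunnel or sockstun: a parser for the
# ndk-stack crash-dump format shown in this issue. SAMPLE_DUMP is a constructed,
# abbreviated excerpt of the x86_64 trace above (app path and BuildIds shortened).
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# "#5 0x...3dbf7 /path/lib.so (pbuf_free+119) (BuildId: ...)". The symbol is optional and
# may contain parentheses (C++ signatures), so match it lazily up to the ")" before "(BuildId:".
FRAME_RE = re.compile(
    r"^#(?P<num>\d+)\s+0x[0-9a-fA-F]+\s+(?P<lib>\S+)"
    r"(?:\s+\((?P<sym>(?!BuildId:).*?)\)(?=\s*(?:\(BuildId:|$)))?"
)
SOURCE_RE = re.compile(r"^(?P<path>.+?):(?P<line>\d+)(?::\d+)?$")  # file.c:780:11
ABORT_RE = re.compile(r"^Abort message: '(?P<msg>.*)'$")
SYSTEM_PREFIXES = ("/apex/", "/system/", "/vendor/")


@dataclass
class Frame:
    num: int
    lib: str
    symbol: str
    # (function, path, line) per inlined function printed under the frame, innermost first
    inlined: List[Tuple[str, str, int]] = field(default_factory=list)

    def is_system(self) -> bool:
        return self.lib.startswith(SYSTEM_PREFIXES)


def parse_dump(text: str) -> Tuple[Optional[str], List[Frame]]:
    """Return (abort message, frames) parsed from ndk-stack output."""
    abort_msg, frames, pending = None, [], []  # pending: continuation lines of current frame

    def flush() -> None:
        # Continuation lines come in pairs: function name, then path:line:col.
        if frames:
            for name, src in zip(pending[0::2], pending[1::2]):
                if m := SOURCE_RE.match(src):
                    frames[-1].inlined.append((name, m.group("path"), int(m.group("line"))))
        pending.clear()

    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("*****"):
            continue
        if line.startswith("Crash dump is completed"):
            break
        if m := ABORT_RE.match(line):
            abort_msg = m.group("msg")
        elif m := FRAME_RE.match(line):
            flush()
            frames.append(Frame(int(m.group("num")), m.group("lib"), m.group("sym") or ""))
        elif frames:  # anything else after a frame line belongs to that frame
            pending.append(line)
    flush()
    return abort_msg, frames


def first_app_frame(frames: List[Frame]) -> Optional[Frame]:
    """Innermost frame outside the system image: where to start reading."""
    return next((f for f in frames if not f.is_system()), None)


def app_call_chain(frames: List[Frame]) -> List[str]:
    """Innermost-to-outermost function names over the app frames, expanding
    inlined callees so tcp_seg_free is not hidden behind the tcp_pcb_purge symbol."""
    chain: List[str] = []
    for f in frames:
        if f.is_system():
            continue
        if f.inlined:
            chain.extend(name for name, _, _ in f.inlined)
        else:
            chain.append(f.symbol.split("+")[0] or f.lib.rsplit("/", 1)[-1])
    return chain


SAMPLE_DUMP = """\
Abort message: 'Scudo ERROR: corrupted chunk header at address 0x71257225bb00'
#4 0x000000000004acd9 /apex/com.android.runtime/lib64/bionic/libc.so (scudo::Allocator<scudo::AndroidConfig, &(scudo_malloc_postinit)>::deallocate(void*, scudo::Chunk::Origin, unsigned long, unsigned long)+313) (BuildId: 007cb231)
#5 0x000000000003dbf7 /data/app/app1/lib/x86_64/libhev-socks5-tunnel.so (pbuf_free+119) (BuildId: 0735365f)
pbuf_free
/src/third-part/lwip/src/core/pbuf.c:780:11
#6 0x00000000000413f5 /data/app/app1/lib/x86_64/libhev-socks5-tunnel.so (tcp_pcb_purge+309) (BuildId: 0735365f)
tcp_seg_free
/src/third-part/lwip/src/core/tcp.c:1646:7
tcp_segs_free
/src/third-part/lwip/src/core/tcp.c:1631:5
tcp_pcb_purge
/src/third-part/lwip/src/core/tcp.c:2184:5
#9 0x000000000001c7a8 /data/app/app1/lib/x86_64/libhev-socks5-tunnel.so (hev_socks5_tunnel_main+392) (BuildId: 0735365f)
                lwip_fini
                /src/hev-main.c:84:13
                hev_socks5_tunnel_main
                /src/hev-main.c:139:5
#10 0x000000000001c5ce /data/app/app1/lib/x86_64/libhev-socks5-tunnel.so (BuildId: 0735365f)
thread_handler
/src/hev-jni.c:68:5
Crash dump is completed
"""

if __name__ == "__main__":
    abort, frames = parse_dump(SAMPLE_DUMP)
    print(abort, " <- ".join(app_call_chain(frames)), sep="\n")
```

Run it on a real `ndk-stack -sym ... -dump crashstack.txt` output by passing the file contents to `parse_dump`. The script treats `/apex/`, `/system/` and `/vendor/` as system images; add other prefixes if the device layout differs. Frames with no symbol (like `#10` above) still get their inlined names from the continuation lines, so the chain stays complete even where the `.so` export table had nothing to offer.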

heiher commented

Can it be reproduced on arm64?

> Can it be reproduced on arm64?

Yes, 100% sure.

heiher commented

Is there a simple way to reproduce on arm64?

Yes, same. Right now.

```
ndk-stack -sym obj/local/arm64-v8a -dump crashstack.txt
********** Crash dump: **********
Build fingerprint: 'google/sdk_gphone64_arm64/emu64a:13/TPB4.220624.004/8808248:userdebug/dev-keys'
Abort message: 'Scudo ERROR: corrupted chunk header at address 0x2000079b7055c30'
#00 0x0000000000051894 /apex/com.android.runtime/lib64/bionic/libc.so (abort+164) (BuildId: 058e3ec96fa600fb840a6a6956c6b64e)
#01 0x0000000000041714 /apex/com.android.runtime/lib64/bionic/libc.so (scudo::die()+8) (BuildId: 058e3ec96fa600fb840a6a6956c6b64e)
#02 0x0000000000041dc0 /apex/com.android.runtime/lib64/bionic/libc.so (scudo::ScopedErrorReport::~ScopedErrorReport()+32) (BuildId: 058e3ec96fa600fb840a6a6956c6b64e)
#03 0x0000000000041ef8 /apex/com.android.runtime/lib64/bionic/libc.so (scudo::reportHeaderCorruption(void*)+96) (BuildId: 058e3ec96fa600fb840a6a6956c6b64e)
#04 0x0000000000043914 /apex/com.android.runtime/lib64/bionic/libc.so (scudo::Allocator<scudo::AndroidConfig, &(scudo_malloc_postinit)>::deallocate(void*, scudo::Chunk::Origin, unsigned long, unsigned long)+296) (BuildId: 058e3ec96fa600fb840a6a6956c6b64e)
#05 0x000000000003a5d4 /data/app/~~fmd-2eOIZQSyK8cYztFZOA==/com..-nz1s8sHHudJOM_pfsiyGAA==/lib/arm64/libhev-socks5-tunnel.so (pbuf_free+144) (BuildId: b4165fa603dc881bacc33c777bad88a1554f8f76)
    pbuf_free
    /Users/evgenybozhko/Projects//app/src/main/jni/hev-socks5-tunnel/third-part/lwip/src/core/pbuf.c:780:11
#06 0x000000000003e284 /data/app/~~fmd-2eOIZQSyK8cYztFZOA==/com..-nz1s8sHHudJOM_pfsiyGAA==/lib/arm64/libhev-socks5-tunnel.so (tcp_pcb_purge+256) (BuildId: b4165fa603dc881bacc33c777bad88a1554f8f76)
    tcp_seg_free
    /Users/evgenybozhko/Projects//app/src/main/jni/hev-socks5-tunnel/third-part/lwip/src/core/tcp.c:1646:7
    tcp_segs_free
    /Users/evgenybozhko/Projects//app/src/main/jni/hev-socks5-tunnel/third-part/lwip/src/core/tcp.c:1631:5
    tcp_pcb_purge
    /Users/evgenybozhko/Projects//app/src/main/jni/hev-socks5-tunnel/third-part/lwip/src/core/tcp.c:2184:5
#07 0x000000000003cd58 /data/app/~~fmd-2eOIZQSyK8cYztFZOA==/com..-nz1s8sHHudJOM_pfsiyGAA==/lib/arm64/libhev-socks5-tunnel.so (tcp_pcb_remove+76) (BuildId: b4165fa603dc881bacc33c777bad88a1554f8f76)
    tcp_pcb_remove
    /Users/evgenybozhko/Projects//app/src/main/jni/hev-socks5-tunnel/third-part/lwip/src/core/tcp.c:2206:3
#08 0x000000000003cac0 /data/app/~~fmd-2eOIZQSyK8cYztFZOA==/com..-nz1s8sHHudJOM_pfsiyGAA==/lib/arm64/libhev-socks5-tunnel.so (tcp_abandon+100) (BuildId: b4165fa603dc881bacc33c777bad88a1554f8f76)
    tcp_abandon
    /Users/evgenybozhko/Projects//app/src/main/jni/hev-socks5-tunnel/third-part/lwip/src/core/tcp.c:602:7
#09 0x0000000000019ef0 /data/app/~~fmd-2eOIZQSyK8cYztFZOA==/com..-nz1s8sHHudJOM_pfsiyGAA==/lib/arm64/libhev-socks5-tunnel.so (hev_socks5_tunnel_main+336) (BuildId: b4165fa603dc881bacc33c777bad88a1554f8f76)
    lwip_fini
    /Users/evgenybozhko/Projects//app/src/main/jni/hev-socks5-tunnel//src/hev-main.c:84:13
    hev_socks5_tunnel_main
    /Users/evgenybozhko/Projects//app/src/main/jni/hev-socks5-tunnel//src/hev-main.c:139:5
#10 0x0000000000019d44 /data/app/~~fmd-2eOIZQSyK8cYztFZOA==/com..-nz1s8sHHudJOM_pfsiyGAA==/lib/arm64/libhev-socks5-tunnel.so (BuildId: b4165fa603dc881bacc33c777bad88a1554f8f76)
    thread_handler
    /Users/evgenybozhko/Projects//app/src/main/jni/hev-socks5-tunnel//src/hev-jni.c:68:5
#11 0x00000000000b62b8 /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+208) (BuildId: 058e3ec96fa600fb840a6a6956c6b64e)
#12 0x0000000000052fb8 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64) (BuildId: 058e3ec96fa600fb840a6a6956c6b64e)
Crash dump is completed
```

@heiher Hi. Do you have any idea what's going wrong?

heiher commented

I can't reproduce it on my side.

heiher commented

@evgenybozhko2 Could you provide a simple way, based on sockstun, to reproduce it?

@heiher This does not reproduce from the repository. This crash reproduces when compiling the latest version of your master repo and compiling for Android.

heiher commented

I saw that the latest version of hev-socks5-tunnel was used in sockstun, and compiled for Android as a JNI library.

https://github.com/heiher/sockstun/tree/master/app/src/main/jni

@heiher I have made a build for you which can crash. Please look at the logcat on my screen. https://github.com/evgenybozhko2/sockstunAndroidCrash

[Screenshot 2023-06-15 at 12 44 21]

Thank you so much.

heiher commented

@evgenybozhko2 Thanks for your feedback. Although I still can't reproduce it, I came up with a possibility that could be causing the issue. Please try this patch: 51b7e80

heiher commented

Does it work for you? @evgenybozhko2

> Does it work for you? @evgenybozhko2

Works perfectly!